Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: General :: web5738.htm

ArGoSoft Mail Server Pro Script Injection
8th Oct 2002 [SBWID-5738]

	ArGoSoft Mail Server Pro script injection


	ArGoSoft Mail Server Pro, tested on version


	Francisco Claude [] says :

	it is posible to  execute  javascript  by  sending  it  inside  a  mail,
	ArGoSoft does not filter that, and you can steal  the  cookie  from  the
	user, the cookie has a problem  too,  it  saves  the  username  and  the
	password in plain text, you have only to  decode  the  cookie,  and  you
	have something like that:





	desactivate de Web-Mail interface until a patch is released.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH